Are Free Services Doing Enough to Protect Our Data?

May has been a terrible month for services that offer users a free system in return for data collection / future upsells. We’ve had massive data leaks sitting alongside misplaced data, and in general users, of major services have been left with very little in the way of answers. In this article we ask the question as to just how free services can get away with this poor protection for data and what customers can do.

Google Analytics One of the biggest problems affecting the world of SEO right now is that any Google Analytics data that was tracked for April is not showing in user accounts. This problem was highlighted by Google on the 9th May and they have since advised it will not be resolved until 23rd May.

This means 14 days of no benchmarking on past data and no ability to show clients data in April. As Google Analytics is a free service there is nothing users can do to speed up the process and it’s just a case of sitting and waiting. You have to wonder whether Google AdWords, one of the main revenue drivers for Google, would receive a much quicker resolution than 14 days.

What Can Customers Do: Install another Analytics service on your website to ensure that if one ever goes down you’ll have a backup set of data.

Sony Playstation Network Easily the most high profile freemium service to see user data hit in 2011, the Sony Playstation Network saw Millions of user details stolen. In fact it was such a bad attack that Sony stopped all online services for almost a full month.

Sony need to be sure they have patched the leak before they reopen the network, but the extent of this delay is what has offended so many. It also raises concerns as to whether Sony could build in adequate security measures for a free service. Xbox Live is a mostly paid service, which was not hit by an attack. After PSN was hit, Xbox Live would have been a target for a lot of hackers who wanted to achieve the same thing. It has yet to fall, leading many to suspect it has far superior security measures and has more incentive to keep them maintained due to higher income for the channel.

What Can Customers Do: If you have a PS3 you’re stuck until Sony say so, which is far from ideal. Customers are at the mercy of Sony, and there’s no alternate provider for the console. The strongest statement a customer can make is to boycott the console.

Facebook The privacy settings of Facebook are under constant scrutiny, and it isn’t unsubstantiated either. In July 2010 Rob Bowes, a security consultant, was able to gain the Facebook data of 100 million users. eConsultancy reports that he then gave away these details for free. Any marketing company could grab these details and do with them whatever they wished.

Source: http://www.bbc.co.uk/news/technology-10796584

Bowes did this to highlight a hole in their security and to promote his tool, Ncrack, and he didn’t really have to try that hard. He simply scraped publicly available information and compiled it in to a single spreadsheet. Anyone could get this data for one person, and the fact Bowes was able to do it for millions just exploited an already available loophole, just with greater ramifications.

What Can Customers Do: Block every single one of your Facebook details from all but your friends, or don’t publish anything on Facebook you wouldn’t want to be public knowledge.

Gawker We expect blogs to be free, but we still expect them to be safe. One of the most visited network of blogs in the world Gawker had to urge all its subscribers to change their passwords when their user database was hacked. Users were also advised to change passwords on any other websites if the same password was used there too.

Gawker may be free for users, but it makes millions in advertising revenue every year. It would have plenty to invest in creating a secure database of user details and protecting this data. It could be argued it’s not their fault they were hacked, but Gawker acknowledged this as a problem on their part and that they “We should not be in the position of relying on the goodwill of the hackers who identified the weakness in our systems.”

What Can Customers Do: If customers use unique passwords on each website then this isn’t too big a concern. If you ever feel your account has suspicious activity then report it to the site owner.

Blippy Blippy let’s you share purchasing information with friends and for a short time it also shared credit card details with everyone else. In the early days of the site Blippy could easily be scraped by Google, and when the Googlebot came along it also took user credit card details as well.

Shortly afterwards Blippy stopped Googlebots crawling this data, but this was a leak of data that clearly wasn’t properly protected. Blippy should have used secure servers for this data and they’re lucky it only affected four Beta users of the site. Even if a website is in Beta the protection of data should be a top priority. They made it worse too by calling it “no big deal“.

What Can Customers Do: If you don’t feel a website is established enough then don’t enter any sensitive personal information. It’s just not worth the risk.

iContact Email Marketing services aren’t safe either. Nekkid Ninjas noticed their users were getting spam emails, including one user who had only ever used an email address on their site. They investigated the issue and found this was due a hack of iContact which was also reported on other sites.

What Can Customers Do: With email spam becoming less effective the hacking of email websites is going to increase. When joining an email list check who the provider is, if you’ve never heard of them then don’t give your details.

Summary Free stuff is a wonderful thing but it should never mean a bad service. If you are offering customers a free or freemium service then you have a responsibility to keep their data protected and provide a good level of support.

It’s not enough to say that it’s the fault of hackers; if you are a big website / brand you have to assume that there is a good chance that you’re going to be hacked and therefore need to protect customer details based on the threat level. As a website gets bigger it needs to take more steps to stop data leaks. If that’s not something that can be delivered then you need to rethink your business model.

Share this post

Mike Essex specialises in digital marketing and everything search. A recent project of Mike’s was featured on BBC News, Radio 5Live and the Times here in the UK, whilst also featuring on USA Today and ABC News in the US. He will be writing throughout the month about digital marketing and much more...

What do you think?

Related Posts

As a business owner, it’s likely that you use Google Analytics to track data on your website. Whilst Google Analytics is a fantastically useful tool, there is one area that can cause inaccuracies – the use of sampled data. Find out what this could mean for your website and business. If you’ve read any of […]

In today’s Digital landscape, social media is a great tool for businesses to communicate and build relationships with audiences. In most cases, it has become an essential tool for long terms success and survival, particularly if you’re in a volatile or busy market. To ensure that your business doesn’t drop the ball on Social Media, […]

Protecting brands online isn’t just reserved for businesses. Charities are branded too. Does your charity rank for its brand name, the cause it fights for and its latest campaign? And why does that even matter? Let’s find out! Online Brand Protection in a Nutshell Keeping tabs of your brand online is not limited to social […]

Meta data is only one piece of the SEO jigsaw, however it is a pretty big and important part. Getting it wrong or being lazy will hold you at a disadvantage to your competitors, and hinder your ability to rank well for targeted search terms. Here we will look at which Meta tags you need […]

As a charity, you rely on getting your message out there about the great work you do, in order to encourage donations and fundraising activity. This means marketing is naturally important to you, but as a non-profit organisation you need to ensure you’re using your budget as effectively as possible. Well how about if you […]

As the SEO industry progresses it’s becoming less about ticking boxes and more about providing a better experience for your users. To do this, the first place you need to start is with Analytics – it’s fundamental to a successful SEO campaign. In previous years it could be argued that succeeding at SEO didn’t require […]

Social Media – still a taboo subject for far too many companies. It’s also often overlooked as a genuine marketing tool. But this needn’t be the case. Social Media is both an effective marketing tool that delivers strong ROI – but only if used correctly. Let’s look into this further. Many preach its importance, but […]

When many people think of paid advertising or Pay Per Click (PPC) marketing they automatically think of Google AdWords, and for good reason. Google AdWords has by far the biggest reach available to all advertisers. However, paid advertising doesn’t just stop there – here is my guide to the best of the rest. Google’s market share […]

Predictive Analytics is a term commonly used in conjunction with ‘Big Data’, but without really understanding the meaning of the term, the concept can be pretty useless. So, let’s find out what exactly Predictive Analytics is and why it can be beneficial for your digital marketing campaigns. Predictive Analytics is the use of data science […]

In the competitive world of AdWords, Content Marketing can be Pay Per Click’s greatest ali. Why? There are three main reasons. This blog post will look at how slick content can save you money and boost AdWords conversions. The three reasons that content and PPC work together include: Great content can improve your Quality Score overnight. […]

Digital Marketing Ideas Every Month

Sign up to receive our free monthly email. Including our favourite pieces of news from the digital marketing industry.

From SEO to PPC, Social Media to Brand Management and Analytics, we'll keep you informed.